How do I reset all gatekeeper rules?

So I made a really stupid mistake, and while trying to delete a gatekeeper rule from the command line I managed to delete all of them.

Command I ran

spctl --remove

New Output of List

Nathaniels-MacBook-Pro:~ nathanielsuchy$ spctl --list
error: no matches for search or update operation

Before, it had a ton of rules. How do I reset gatekeeper to factory defaults?


Solution 1:

Luckily for me, I knew how to read the man pages. From that I found that a default copy was at /var/db/.SystemPolicy-default and was able to copy it to the normal system policy location.

Command To Run:

Nathaniels-MacBook-Pro:~ nathanielsuchy$ sudo cp /var/db/.SystemPolicy-default /var/db/SystemPolicy

From the Man Pages

FILES
     /var/db/SystemPolicy  The system policy database.
     /var/db/.SystemPolicy-default
                           A copy of the initial distribution version of the
                           system policy database.  Useful for starting over
                           if the database gets messed up beyond recognition.

The developers included a default copy to ensure that if you mess up the database, you can simply copy the default database to the database location, reboot, and be ready to roll.

However, there is an even easier way to do this, and it's also the recommended way. See the man pages:

 --reset-default
          Unconditionally reset the system policy database to its default
          value. This discards all changes made by administrators. It also
          heals any corruption to the database. It does not implicitly
          either enable or disable the facility. This must be done as the
          super user. Reboot after use.

Just run:

sudo spctl --reset-default

and then reboot your Mac and everything will be back to normal.

Fixed Output: system enabled with default rules again

Now everything's back to normal: (screenshot of blocked execution)

As shown, I cannot install any new apps that are not from the App Store. While the gatekeeper system is disabled, or if it has no rules, I can load the app without an issue. Though disabling gatekeeper isn't recommended from a security context, it's better to grant exemptions to trusted and verified apps that are not signed, though the best and most security-friendly way to do things is to sign your apps without an exception.

In the future, always be careful when adjusting gatekeeper rules, though I'm glad there's a simple way to reset it back to the default set of rules. It could have been a lot worse without a copy of the default rule set.
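A guarded wrapper for the mistake described in this post, added here as an example and not part of the original answer: it snapshots the policy database before any change, refuses a bare `spctl --remove` with no selector (which is what wiped every rule), and keeps the recovery path from the answer (`--reset-default`, falling back to copying the shipped default). The selector flag names are assumed from spctl's own usage, and `SPCTL_BIN`, `POLICY_DB` and `POLICY_DEFAULT` are hypothetical overrides so the script can be exercised on a machine without spctl.

```shell
#!/bin/sh
# Added example (not from the original post). Paths come from the man page
# excerpt above; the variables below are assumed overrides for testing.
POLICY_DB="${POLICY_DB:-/var/db/SystemPolicy}"
POLICY_DEFAULT="${POLICY_DEFAULT:-/var/db/.SystemPolicy-default}"
SPCTL_BIN="${SPCTL_BIN:-spctl}"

# Copy the live database to a timestamped backup and print the backup path.
backup_policy_db() {
    backup_dir="$1"
    [ -r "$POLICY_DB" ] || { echo "cannot read $POLICY_DB" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    dest="$backup_dir/SystemPolicy.$(date +%Y%m%d%H%M%S)"
    cp "$POLICY_DB" "$dest" || return 1
    printf '%s\n' "$dest"
}

# Return 0 only if the arguments name a specific rule to remove.
# Selector flags are assumed from spctl's usage, not taken from the post.
has_selector() {
    for a in "$@"; do
        case "$a" in
            --label|--rule|--path|--requirement|--hash|--anchor) return 0 ;;
        esac
    done
    return 1
}

# Guarded remove: refuse a selector-less remove, back up, then call spctl.
# Usage: guarded_spctl_remove <backup_dir> [spctl --remove arguments...]
guarded_spctl_remove() {
    backup_dir="$1"; shift
    if ! has_selector "$@"; then
        echo "refusing: spctl --remove needs a selector such as --label" >&2
        return 2
    fi
    backup_policy_db "$backup_dir" >/dev/null || return 1
    "$SPCTL_BIN" --remove "$@"
}

# Recovery path from the answer: reset to the shipped defaults (reboot after).
# If that fails, fall back to copying the default database into place.
reset_policy_db() {
    if ! "$SPCTL_BIN" --reset-default; then
        cp "$POLICY_DEFAULT" "$POLICY_DB"
    fi
}
```

Run the guarded remove with `sudo` on a real system; the backup directory it writes to should be outside /var/db so the copy survives a later reset.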